13 April 2015Services

Only 1% of captives writing cyber: Aon

Only 1 percent of captive owners are funding cyber risk through their captives, despite the increasing severity and frequency of cyber attacks.

This is according to Aon’s 2014 captive benchmarking study, which added that this 1 percent figure has remained static since 2012, despite indications of interest in the product.

The study found that the majority of captives writing cyber were in the US healthcare industry. Aon said that this development reflects the importance of healthcare companies providing protection following the implementation of Obamacare. Obamacare places an obligation on medical companies, and particularly hospitals, to have electronic medical records which would be open to cyber-attack.

For EU based captives, proposed EU legislation has also stoked interest in writing cyber. The study said that this legislation will allow national data commissioners to fine companies that violate EU data protection rules and could lead to penalties of up to €100 million or up to 5 percent of the global annual turnover of a company.

One major challenge for captives in the cyber space is understanding the firms individual exposure. According to the report, few organisations understand enough to allow a scientific approach to calculating the organisation’s cyber exposure.

However, there is an indication that captive owners that do write cyber do so out of a desire to better understand their cyber exposure rather than doing so as a reaction to an unresponsive insurance market, the report claimed.

The report concluded that the low level of cyber in captives is correlated with a lack of clarity of the cyber risk exposure and quantification of consequences of cyber events, a challenge equally reflected in the reluctance of organisations to purchase cyber insurance from the insurance market.

“It is clear that the insurance markets also have more to do to understand cyber risk and offer insurance policies that will provide the correct protection. However, only the ability of an organisation to articulate their own risk profile to support better submissions to underwriters can truly drive this objective,” it said.